1
0
Fork 0
mirror of https://github.com/AquariaOSE/Aquaria.git synced 2024-12-24 21:55:42 +00:00

Fix problematic Lua init and add user setting to keep 'os' and 'io' functions.

From the Lua 5.1 manual:
"The luaopen_* functions (to open libraries) cannot be called directly,
like a regular C function. They must be called through Lua,
like a Lua function."

All standard tables are now loaded with luaL_openlibs(), which includes os and io.
Because these are inherently unsafe, there is a new config setting:
<AllowDangerousScriptFunctions on="1" />
This is disabled by default.
The title screen will show a warning when the setting is on.
This commit is contained in:
fgenesis 2014-05-16 01:03:54 +02:00
parent 3db8c9e13a
commit 86d2fcebda
5 changed files with 38 additions and 9 deletions

View file

@ -813,7 +813,10 @@ void loadBitForTexPrecache()
void DSQ::setVersionLabelText()
{
#ifdef AQUARIA_OVERRIDE_VERSION_STRING
versionLabel->setText(AQUARIA_OVERRIDE_VERSION_STRING);
std::string overrideText = AQUARIA_OVERRIDE_VERSION_STRING;
if(user.system.allowDangerousScriptFunctions)
overrideText += continuity.stringBank.get(2050);
versionLabel->setText(overrideText);
return;
#endif
@ -848,6 +851,9 @@ void DSQ::setVersionLabelText()
os << AQUARIA_CUSTOM_BUILD_ID;
#endif
if(user.system.allowDangerousScriptFunctions)
os << continuity.stringBank.get(2050);
versionLabel->setText(os.str());
}
@ -907,13 +913,13 @@ This build is not yet final, and as such there are a couple things lacking. They
// steam gets inited in here
Core::init();
dsq->continuity.stringBank.load();
continuity.stringBank.load();
vars = &v;
v.load();
// steam callbacks are inited here
dsq->continuity.init();
continuity.init();
// do copy stuff
#ifdef BBGE_BUILD_UNIX

View file

@ -60,6 +60,9 @@ bool complainOnGlobalVar = false;
// thread-local variable.
bool complainOnUndefLocal = false;
// Set to true to make 'os' and 'io' Lua tables accessible
bool allowUnsafeFunctions = false;
// List of all interface functions called by C++ code, terminated by NULL.
static const char * const interfaceFunctions[] = {
@ -10650,6 +10653,8 @@ void ScriptInterface::init()
complainOnGlobalVar = devmode;
complainOnUndefLocal = devmode;
allowUnsafeFunctions = dsq->user.system.allowDangerousScriptFunctions;
if (!baseState)
baseState = createLuaVM();
}
@ -10669,11 +10674,15 @@ void *ScriptInterface::the_alloc(void *ud, void *ptr, size_t osize, size_t nsize
lua_State *ScriptInterface::createLuaVM()
{
lua_State *state = lua_newstate(the_alloc, this); /* opens Lua */
luaopen_base(state); /* opens the basic library */
luaopen_table(state); /* opens the table library */
luaopen_string(state); /* opens the string lib. */
luaopen_math(state); /* opens the math lib. */
luaopen_debug(state);
luaL_openlibs(state);
if(!allowUnsafeFunctions)
{
lua_pushnil(state);
lua_setglobal(state, "os");
lua_pushnil(state);
lua_setglobal(state, "io");
}
// Set up various tables for state management:

View file

@ -60,6 +60,12 @@ void UserSettings::save()
xml_devmode.SetAttribute("on", system.devModeOn);
}
xml_system.InsertEndChild(xml_devmode);
TiXmlElement xml_unsafe("AllowDangerousScriptFunctions");
{
xml_unsafe.SetAttribute("on", system.allowDangerousScriptFunctions);
}
xml_system.InsertEndChild(xml_unsafe);
}
doc.InsertEndChild(xml_system);
@ -382,6 +388,12 @@ void UserSettings::load(bool doApply, const std::string &overrideFile)
{
xml_devmode->Attribute("on", &system.devModeOn);
}
TiXmlElement *xml_unsafe = xml_system->FirstChildElement("AllowDangerousScriptFunctions");
if (xml_unsafe)
{
xml_unsafe->Attribute("on", &system.allowDangerousScriptFunctions);
}
}
TiXmlElement *xml_audio = doc.FirstChildElement("Audio");

View file

@ -78,10 +78,11 @@ class UserSettings
public:
struct System
{
System() { debugLogOn = 0; devModeOn = 0; }
System() { debugLogOn = 0; devModeOn = 0; allowDangerousScriptFunctions = 0; }
int debugLogOn;
std::string locale;
int devModeOn;
int allowDangerousScriptFunctions;
} system;
struct Audio

View file

@ -208,6 +208,7 @@
2032 [Achievements]
2033 Retrieving online mod list...
2034 Open URL in web browser?
2050 -- WARNING: Dangerous script functions are ENABLED!
2100 === for options menu ===
2101 Action
2102 Key 1